VYPR
Unrated severityNVD Advisory· Published Aug 30, 2014· Updated Jun 17, 2026

CVE-2014-3908

CVE-2014-3908

Description

The Amazon.com Kindle application before 4.5.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

3
  • Amazon/Kindle3 versions
    cpe:2.3:a:amazon:kindle:4.4.0:*:*:*:*:android:*:*+ 2 more
    • cpe:2.3:a:amazon:kindle:4.4.0:*:*:*:*:android:*:*
    • cpe:2.3:a:amazon:kindle:*:*:*:*:*:android:*:*range: <=4.4.4
    • (no CPE)range: <4.5.0

Patches

Vulnerability mechanics

References

2

News mentions

0

No linked articles in our index yet.